Overview

So you want to connect your on-premises deployment to the cloud with MyCloudIT? This guide will show you how to go from an on-premises Windows Server AD deployment to a full Hybrid deployment, with MyCloudIT providing your RDS capabilities in Microsoft Azure.

To create a Domain-joined RDS (one that connects to an existing Windows Server AD), we expect that a Windows Server AD Domain Controller is already running in a VM in Azure.

If you are migrating from an on-premises installation and are trying to extend into Azure, our portal can help simplify this connection by automating the installation of the Resource Group, Virtual Network and Virtual Machine within Azure. Once the VM is deployed in Azure, you can then connect the Azure Virtual Network to the on-premises network. Once the networks are connected, you can then promote the VM we created in Azure to a Domain Controller in the on-premises Active Directory.

Please note that you do not have to promote this VM to a Domain Controller (DC). However, the RDS creation process and user logons generate considerable authentication traffic, and without a DC in Azure all of it would have to traverse the Site-to-Site VPN. That latency will most likely cause performance problems for your users. Please promote the VM in Azure to a DC (and not a Read-only DC) to provide the best deployment and user experience.

Step-by-step Instructions

Here are the steps from our portal to create a VM. Again, once the VM is created, we will have also created the Resource Group and Virtual Network for you.

Create a VM within our Portal. Go into our Marketplace and create a new Windows Server under Virtual Machines.

Go through the Deployment details of your new VM. Here’s a screenshot with our suggestions.

We are creating a new standalone VM that we can then join to an existing on-premises Active Directory Domain. Once the Azure Virtual Network is connected to the on-premises network, you can then promote the VM created above to a DC.

If you are not familiar with connecting an on-premises network to an Azure Virtual Network, this article provides an excellent overview of what is available: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-plan-design

Once the VM is up and running in Azure (creation time will be about 15 minutes), the next step is to create a Site-to-Site VPN back to the on-premises network. We do not automate the steps necessary to connect to an on-premises network, but here are the high level steps required, as well as some Microsoft guidance on how to accomplish these steps.

Add a Virtual Network Gateway to your existing Virtual Network (created for the VM above). The Virtual Network will typically be named VNET and will be in a Resource Group with the same name as your Server Name in the Server Name field above. In my example this will be MyfirstCloudDC. This article will show you how to create the Virtual Network Gateway: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Note: We have already completed “1. Create a virtual network” for you. In “2. Specify a DNS server”, you need to include the IP address of the Windows Server we created for you. Typically that address is 10.0.0.4.

Continue following the article above to complete the Site-to-Site VPN configuration. Once it is connected, you can confirm connectivity by pinging between the Azure based VM and a Windows server on-premises. Note: the default Windows Firewall on the Azure based VM blocks inbound ping (ICMP echo requests), so you will need to add an exception before it will respond.

Once you’ve confirmed that the Azure based VM can communicate with the on-premises network, you are now ready to promote the Azure based VM to a DC in the existing Windows Server AD.
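The connectivity check, firewall exception and DC promotion from the steps above, scripted as an added example that is not part of MyCloudIT’s tooling. It runs in an elevated PowerShell session on the Azure VM after the VPN is up; the domain name, source DC, AD site name and the F: data disk are placeholders for your own environment.

```powershell
# Added example (not MyCloudIT's own script). Run elevated on the Azure VM
# once the Site-to-Site VPN is connected. Placeholders to replace:
$DomainName = 'corp.example.com'       # your on-premises AD DS domain
$SourceDC   = 'DC01.corp.example.com'  # an existing writable on-premises DC
$SiteName   = 'Azure'                  # AD site that covers the Azure subnet
# Assumes a data disk mounted as F: (with host caching disabled) for AD data.

# 1. Prove the tunnel carries directory traffic before promoting. LDAP on
#    TCP 389 is a better probe than ping, which on-premises firewalls often drop.
$probe = Test-NetConnection -ComputerName $SourceDC -Port 389
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach $SourceDC on TCP 389; check the VPN and the VNet DNS setting first."
}

# 2. The firewall exception the guide mentions: enable the built-in inbound
#    ICMPv4 echo rule so on-premises admins can ping this VM.
Set-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' -Enabled True

# 3. Install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 4. Gather credentials, then run the prerequisite check; it reports problems
#    (DNS, replication source, permissions) without changing anything.
$cred = Get-Credential -Message "Domain Admin credentials for $DomainName"
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $cred `
    -SiteName $SiteName -ReplicationSourceDC $SourceDC -InstallDns `
    -SafeModeAdministratorPassword $dsrm

# 5. Promote as a writable DC (explicitly not an RODC, as the guide advises),
#    keeping the database, logs and SYSVOL on the data disk.
Install-ADDSDomainController -DomainName $DomainName -Credential $cred `
    -SiteName $SiteName -ReplicationSourceDC $SourceDC -InstallDns `
    -ReadOnlyReplica:$false `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword $dsrm -Force
# The VM reboots automatically when promotion completes.
```

Review the output of step 4 before step 5 runs; if it lists errors, stop and fix them rather than forcing the promotion.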

Once the VM is promoted to a DC, you can then come back to our portal, create a Domain-joined RDS (or RemoteApp) deployment, and point it to your new DC in Azure.